Skip to main content
CVE-2019-12815 CRITICAL POC PATCH THREAT Act Now

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure RCE Proftpd Fedora Debian Linux +1
NVD GitHub
CVSS 3.1
9.8
EPSS
57.6%
CVE-2019-12725 CRITICAL POC THREAT Act Now

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zeroshell
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
89.8%
CVE-2019-1010238 CRITICAL POC PATCH Act Now

Gnome Pango 1.42 and later is affected by: Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Memory Corruption Pango Sd Wan Edge +11
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2019-12193 CRITICAL POC Act Now

H3C H3Cloud OS all versions allows SQL injection via the ear/grid_event sidx parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi H3Cloud Os
NVD
CVSS 3.0
9.8
EPSS
1.5%
CVE-2019-1010245 CRITICAL POC PATCH Act Now

The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Open Network Operating System
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2019-1010151 CRITICAL POC Act Now

zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Path Traversal Zzmcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.0%
CVE-2019-13973 CRITICAL POC Act Now

LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Layerbb
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2019-13569 CRITICAL Act Now

A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi WordPress Email Subscribers Newsletters
NVD
CVSS 3.0
9.8
EPSS
3.7%
CVE-2019-1010101 CRITICAL Act Now

Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Rufus
NVD
CVSS 3.0
9.8
EPSS
3.4%
CVE-2019-13983 CRITICAL PATCH Act Now

Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass PHP Directus 7 Api
NVD GitHub
CVSS 3.0
9.8
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy